We claim: 

1 . A database management system having an access control subsystem, said database 
management system comprising: 

a) a plurality of user entries representing users seeking access to data items, each of 
said user entries having at least one organizational access attribute; and 

b) a plurality of data items, each of said data items being a data file, a data field 
within a data file, or a view of data items, and selected ones of said data items have at 
least one organizational access attribute; 

said access control subsystem being configured to: 

a) receive a database query from a user requesting one or more data items; 

b) read the user's organizational access attributes; 

c) read the data item's organizational access attributes; and 

d) present data items to the user to which the user, based on the user's access 
attributes, has access. 

2. The database management system of claim 1 in which access is granted to the user by 
determining whether the user's organizational access attributes and the data item's organizational 
attributes include a match. 

3. The database management system of claim 1 wherein a plurality of organizations 
exclusively own individual data files in the database management system, whereby an individual 
data file has a single owner. 

4. The database management system of claim 3 wherein said access control subsystem is 
configured to authorize a customer of an owner organization having access to a data item to grant 
access to the data item to an additional user while the customer accesses the data item. 
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5. The database management system of claim 4 wherein said access control subsystem is 
configured to authorize the customer of the owner organization to access the data item and to 
thereafter authorize the additional user to access and update the data item. 

6. The database management system of claim 1 wherein said organizational access 
attributes are configured hierarchically, such that each organizational access attribute has a 
hierarchical level and a hierarchical branch, and each user access attribute has a hierarchical 
level and a hierarchical branch, and said access control subsystem is configured to grant access 
based on one or both of (a) the hierarchical levels of the user and data item, or (b) the 
hierarchical branch of the user and data item. 

7. The database management system of claim 6 wherein said hierarchical levels correspond 
to ranges of organizations, and to data items identified thereto. 

8. The database management system of claim 7 wherein the data items are chosen from the 
group consisting of data fields, data files, and views. 

9. The database management system of claim 6 wherein said hierarchical branches 
correspond to virtual or real organizations and data items identified thereto, 

10. The database management system of claim 9 wherein said data items are chosen from the 
group consisting of data files and views, 

1 1 . The database management system of claim 6 wherein hierarchical levels correspond to 
access to data fields and data views, and hierarchical branches correspond to access to data files 
and data views. 

12. A method of managing a database having: 

a) a plurality of user entries representing users seeking access to data items, each of 
said user entries having at least one organizational access attribute; and 

b) a plurality of data items, each of said data items being a data file, a data field 
within a data file, or a view of data items, and selected ones of said data items have at 
least one organizational access attribute; 
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said method comprising: 



a) receiving a database query from a user requesting one or more data items; 

b) reading the user's organizational access attributes; 

c) reading the data item's organizational access attributes; and 

d) presenting data items to the user to which the user based on the user's access 
attributes has access. 

1 3 . The method of claim 1 2 comprising determining whether the user's organizational access 
attributes and the data item's organizational access attributes include a match, and if so, granting 
access. 

14. The method of claim 12wherein a plurality of organizations exclusively own individual 
data files in the database management system, and an individual data file has a single owner. 

15. The method of claim 14 comprising a customer of an owner organization having access 
to a data item granting access to the data item to an additional user while the customer is 
accessing the data item. 

1 6. The method of claim 1 5 comprising the customer of the owner organization accessing the 
data item and to thereafter authorize the additional user to access and update the data item. 

1 7. The method of claim 12wherein said organizational access attributes are configured 
hierarchically, such that each organizational access attribute has a hierarchical level and a 
hierarchical branch, and each user access attribute has a hierarchical level and a hierarchical 
branch, said method comprising granting access based on one or both of (a) the hierarchical 
levels of the user and data item, or (b) the hierarchical branch of the user and data item. 

1 8. The method of claim 1 7 wherein said hierarchical levels correspond to ranges of 
organizations, and to data items identified thereto. 

1 9. The method of claim 1 8 wherein the data items are chosen from the group consisting of 
data fields, data files, and views. 
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20. The method of claim 1 7 wherein said hierarchical branches correspond to virtual or real 
organizations and data items identified thereto. 



21 . The method of claim 20 wherein said data items are chosen from the -group consisting of 
data files and views. 

22. The method of claim 1 7 wherein hierarchical levels correspond to access to data fields 
and data views, and hierarchical branches correspond to access to data files and data views. 

23 . A method of managing a database system having a plurality of files, said files having a 
plurality of fields, said database being divisible into multiple sets of file and field entries having 
views visible to users having personal, positional, or organizational attributes associated with the 
said views, said users being divisible into multiple membership sets based upon organizational 
attributes, which method comprises: 

(a) determining the personal, positional, and organizational attributes of users; and 

(b) when a users queries the database: 

(i) accessing files and fields within the database to which the user has access 
based upon the user's attributes; and 

(ii) presenting a view to which the user has access based upon the user's 

attributes. 

24. The method of claim 23 comprising determining access to files based upon one attribute 
and determining access to fields based upon another attribute. 

25. The method of claim 23 comprising determining access to files based upon a first 
organizational attribute and determining access to fields within the files based upon one of a 
personal attribute or a second organizational attribute. 

26. The method of claim 23 comprising determining access to a file based upon an attribute 
and to at least one field in the file based upon the same attribute. 
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27. The method of claim 26 comprising determining access to a file based upon an 
organizational attribute and to at least one field in the file based upon the same organizational 
attribute. 

28. The method of claim 25 wherein one of said users is an internal user having access to 
first portions of a view, and wherein another one of said users is an external user having access 
to second portions of the view. 

29. The method of claim 28 wherein said first and second portions of the view are partially 
overlapping and partially non-overlapping. 

30. A database system comprising a database having a plurality of files, said files having a 
plurality of fields, said users having personal, positional, and organizational attributes, and being 
divisible into multiple membership sets based upon organizational attributes, said database 
having views visible to said users based upon the personal, positional, and organizational 
attributes thereof. 

3 1 . The database system of claim 30 wherein the multiple sets of files and fields are 
overlapping across organizations. 

32. The database system of claim 30 wherein the multiple sets of files and fields are disjoint 
across organizations. 

33. The database system of claim 30 wherein the multiple sets of users are in overlapping 
organizations. 

34. The database system of claim 30 wherein the multiple sets of users are in disjoint 
organizations. 

35. The database system of claim 30 wherein views visible to a user are determined by the 
user's organizational and positional attributes. 

36. The database system of claim 35 wherein view files are determined by a user's 
organizational attributes. 
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37. The database system of claim 35 wherein view fields are determined by a user's 
positional attributes. 

38. The database system of claim 35 wherein view files are determined by a user's 
organizational attributes, and view fields are determined by a user's positional attributes. 

39. A database system comprising a partitionable database of a plurality of separate virtual 
databases, each of said separate virtual databases having a unique database owner, and wherein a 
user can only access files in a virtual database to which the said user has access authorization 
from the database owner. 

40. The database system of claim 39 wherein said separate virtual databases are disjoint. 

4 1 . The database system of claim 40 wherein said separate, disjoint virtual databases have 
unique owners. 

42 . The database system of claim 41 wherein a user requires authorization from a database 
owner to access the owner's separate, virtual database. 

43. The database system of claim 42 wherein a user requires authorization from the owner of 
a file within the separate, virtual database to access the file owner's file. 

44. The database system of claim 43 wherein a user's access authorization to a particular file 
in the virtual database is granted by the file owner's initiation of a database call through an 
associated computer telephony integration (CTI) system. 

45. The database system of claim 44 wherein the database is a multi-tenant database having a 
plurality of tenants, each tenant being the owner of a separate virtual database, at least two of the 
tenants utilizing a common call center service. 

46. A method of managing a database system having a partitionable database of a plurality of 
separate virtual databases, each of said separate virtual databases having a unique database 
owner, said method comprising the owner of a separate virtual database granting access 
authorization to a user, and the user thereafter accessing a file in the virtual database to which the 
said user has been granted access authorization from the database owner. 
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47. The database management method of claim 46 wherein said separate virtual databases are 
disjoint. 



48. The database management method of claim 47 wherein said separate, disjoint virtual 
databases have unique owners. 

49. The database management method of claim 46 wherein a user requires authorization from 
the owner of a file within the separate, virtual database to access the file owner's file. 

50. The database management method of claim 49 wherein the file owner grants access 
authorization to the file owner's file in the virtual database to a user. 

5 1 . The database management method of claim SO wherein the file owner's initiation of a 
database call through an associated computer telephony integration (CTI) system grants access 
authorization to the file owner's file to a user. 

52. The database management method of claim S 1 wherein the database is a multi-tenant 
database having a plurality of tenants, each tenant being the owner of a separate virtual database, 
at least two of the tenants utilizing a common call center service. 
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